REMARKS

Claims 1-20 were pending. By this Amendment, claims 2-5, 8, 9,
12, 13, 15, 16, 18 and 19 have been canceled, without prejudice 
or disclaimer, and claims 1, 6, 7, 14, 17 and 20 have been 
amended to place the claims in better form for examination and 
clarify the claimed invention. Accordingly, claims 1, 6, 7, 10, 
11, 14, 17 and 20 are now pending and presented for examination 
in the subject application, with claims 1, 6, 7, 14, 17 and 20 in 
independent form. 

Applicant maintains that no new matter is introduced by this 
Amendment. Support for the claim amendments may be found in the
application, for example, in claims 2, 4 and 5 as originally 
filed. Accordingly, Applicant respectfully requests that this 
Amendment be entered. 

Rejection Under 35 U.S.C. §103(a)

On page 2 of the July 6, 2004 Office Action, claims 1-20 were 
rejected under 35 U.S.C. §103(a) as allegedly unpatentable over
U.S. Patent No. 6,339,423 to Sampson et al. in view of U.S.
Patent No. 6,032,260 to Sasmazel et al.

In reference to claims 1, 7 and 12-20, the Office Action states 
that Sampson discloses an access authentication system for 
providing a client with a service of connection to a terminal 
server. The Office Action further states that the system 
includes a first authentication server for determining whether or
not the client should be connected to the first terminal server, 
on the basis of personal information input by the client to the 
first terminal server. The Office Action also states that the 
first authentication server creates first ticket data by
encoding a client parameter, which includes part of the personal
information, on the basis of a predetermined formula. The Office
Action further states that the access control 240 performs the 
function of the authentication server by determining if the 
browser is authenticated. The Office Action states that the 
access control also sends the browser a cookie that is encrypted 
therefore encoded personal information using a predetermined 
formula. The Office Action also states that Sampson creates a 
second cookie by encoding the client parameter on the basis of a 
predetermined formula when the browser tries to connect to a new 
domain.

The Office Action acknowledges that Sampson does not expressly 
disclose transferring the ticket to the web server, checking 
whether the ticket is used, and supplying the web server with 
information indicative of whether the second terminal server 
should be connected to the client. 

The Office Action states that Sasmazel discloses a system of 
transferring the eticket from server to server. The Office 
Action further states that the eticket of Sasmazel is transferred 
to the second terminal server by the first sending it to the 
browser and then the browser sends the ticket to the web server
220 or 240. The Office Action also states that the second
authorization server (360), which performs the function of the
second authentication server of detecting whether or not client 
parameter is valid and whether or not the first ticket data has 
been used. The Office Action further states that Sasmazel checks 
whether the user is in session, which is a method of checking 
whether the eticket has been used. The Office Action states that 
the web server is then supplied data indicative of whether or not 
the second terminal server should be connected to the client. 
The Office Action also states that Sasmazel stores in a file 
information for authenticating the user and therefore first
ticket data. The Office Action further states that comparing the 
first and second ticket data includes checking the validity of 
the ticket. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to transfer the ticket information to the web server, 
check whether the ticket is used and supply the web server with 
information indicative of whether the second terminal server 
should be connected to the client as in the system of Sasmazel in 
the system of Sampson. The Office Action further alleges that 
one of ordinary skill in the art would have been motivated to do 
this because the ticket may be securely passed from server to 
server without the user having to re-authenticate. 

In reference to claims 2 and 8, more specifically, the limitation 
that wherein the predetermined formula is summarization using a 
one-way function, the Office Action acknowledges that Sampson 
does not expressly disclose a summarization formula. 

The Office Action states that Sasmazel discloses that the
predetermined formula is a summarization using a one-way 
function. 

The Office Action alleges that at the time the invention was
made, it would have been obvious to a person of ordinary skill in 
the art to use a secure hash function. The Office Action further 
alleges that one of ordinary skill in the art would have been 
motivated to do this because the ticket can be validated without 
communication between distributed servers. 

In reference to claims 3 and 9, more specifically, the limitation
that wherein the access authentication system characterized in 
that the client parameter includes at least one of ID information 
of the client, an access-originator IP address and an expiration 
date set for the first ticket data, the Office Action 
acknowledges that Sampson does not expressly disclose the ID 
information of the client including an expiration date. 

The Office Action states that the system of Sasmazel discloses 
the client parameter includes at least one of ID information of 
the client, an access-originator IP address and an expiration
date set for the first ticket data. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to include as ID information access IP address and an 
expiration date as in the system of Sasmazel in the system of 
Sampson. The Office Action further alleges that one of ordinary 
skill in the art would have been motivated to do this because the 
ticket may be securely passed from server to server without the 
user having to re-authenticate. 

In reference to claim 4, more specifically, the limitation that 
wherein the first and second authentication servers include a 
predetermined common character string in the first and second 
ticket data, respectively, the Office Action refers to Sampson, 
column 4, lines 47-56.

In reference to claim 5, the Office Action acknowledges that 
Sampson does not expressly disclose a system wherein the common 
character string is changed at a predetermined point in time. 

The Office Action states that the system of Sasmazel suggests the
common character string is changed at a predetermined point in
time.

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in
the art to update information on the ticket. The Office Action 
further alleges that one of ordinary skill in the art would have 
been motivated to do this because keeping updated information 
increases security by making sure that at the time the ticket is 
available the user is still authorized to access the resources 
specified.

The Office Action states that claim 6 is rejected on the same 
basis as the rejection for claim one. The Office Action further 
states that in addition, Sampson discloses a system wherein the 
user may enter logon information. The Office Action also states 
that logon information includes an ID and a password entered by 
the client. The Office Action further states that the ticket 
disclosed by Sasmazel that is transported from server to server 
includes an expiration date; and a common character string in the 
form of a public signature. The Office Action states that since 
the ticket includes ID information and the system checks whether 
a user is in session. The Office Action also states that the
system of Sasmazel therefore compares the access-originator IP 
address provided in the ticket which is sent to the second 
terminal server this would result in determining whether or not 
access by the client has been executed on or before the 
expiration date. 

In reference to claim 10, more specifically, the limitation that 
wherein the second authentication means judges validity of the 
first ticket data, the Office Action acknowledges that Sampson
does not expressly disclose the second authentication means 
judges validity of the first ticket data. 

The Office Action states that Sasmazel stores in a file 
information for authenticating the user and therefore first 
ticket data. The Office Action further states that comparing the
first and second ticket data includes checking the validity of 
the ticket. The Office Action also states that this suggests the 
second authentication means judges the validity of the first 
ticket data. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to judge the validity of the first ticket data as shown 
in Sasmazel in the system of Sampson. The Office Action further 
alleges that one of ordinary skill in the art would have been 
motivated to do this because checking the validity of the ticket
would expose any attempt to carry out fraud. 

In reference to claim 11, more specifically, the limitation that 
wherein the second authentication means judges legality of the 
client parameter, the Office Action states that since the 
validity of the ticket is checked it follows that the legality of 
the client parameter is checked.

Applicant maintains that Sampson and Sasmazel do not render 
obvious the claimed invention. The claimed invention is 
patentable over Sampson and Sasmazel for at least the following 
reasons.

The present application relates to access authentication when 
service is provided to connect a client to a terminal server via
another terminal server. The claimed invention of the present 
application provides for authentication by transferring client 
parameter and first ticket data created by the first 
authentication server to the second authentication server, and 
comparing the second ticket data created in the second 
authentication server with the first ticket data, thereby judging 
whether these two coincide with each other. 

Since the first ticket data and the client parameter are sent via 
the internet or the like, a risk of interception and 
falsification exists. Applicant recognized this risk and devised 
a technique for making it impossible as a practical matter to 
have a third person fabricate the first ticket data and the 
client data. That is, even if the client data is falsified by a 
third person, there will be no harm if the first ticket data and 
the second data do not coincide with each other. In other words, 
there will be no harm if a formula of transforming the first 
ticket data from client parameter is prevented from being 
analyzed by the outsider. 

According to the claimed invention, a one-way function is used 
when a first ticket data is created on the basis of a common 
character string that is changed at predetermined intervals and a 
client parameter. If a reverse calculation is performed based on 
the one-way function, to derive the client parameter and the 
common character string takes some time but is not impossible. 
However, if the common character string that the first 
authentication server and the second authentication server have 
in common is changed within a short time, even if a third person 
performed a reverse calculation based on the one-way function and 
the common character string is thus derived, the effectiveness 
of the derived character string would probably have already
expired. 

On the other hand, since the first ticket data and the client 
parameter are input in the second authentication server, the 
second ticket data is created with ease by using the client 
parameter and the common character string, allowing 
authentication by comparing it with the first ticket data. 
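
The ticket scheme described in the preceding paragraphs can be sketched as follows. This is an added example, not code from the application or from the cited references. It assumes HMAC-SHA256 as the one-way function, a common character string derived per interval from a secret both servers hold, and a client parameter made of ID, access-originator IP address and expiration date; all function names and constants are hypothetical.

```python
import hashlib
import hmac

ROTATION_SECONDS = 300  # assumed interval at which the common string changes

def common_string(master: bytes, epoch: int) -> bytes:
    """Common character string for one interval (derivation is an assumption)."""
    return hmac.new(master, b"epoch:%d" % epoch, hashlib.sha256).digest()

def encode_param(client_id: str, ip: str, expires: int) -> bytes:
    """Length-prefix each field so ("ab","c") and ("a","bc") encode differently."""
    parts = [client_id.encode(), ip.encode(), str(expires).encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def _ticket(master: bytes, epoch: int, param: bytes) -> str:
    return hmac.new(common_string(master, epoch), param, hashlib.sha256).hexdigest()

def make_ticket(master, client_id, ip, expires, now):
    """First authentication server: create first ticket data."""
    return _ticket(master, now // ROTATION_SECONDS, encode_param(client_id, ip, expires))

def verify_ticket(master, ticket, client_id, ip, expires, now, peer_ip, used):
    """Second authentication server: recreate the ticket and compare."""
    if now > expires:
        return "expired"
    if peer_ip != ip:
        return "ip-mismatch"
    if ticket in used:
        return "replayed"
    param = encode_param(client_id, ip, expires)
    epoch = now // ROTATION_SECONDS
    # Accept the current and the previous interval so a ticket issued just
    # before a change of the common string still verifies.
    for e in (epoch, epoch - 1):
        if hmac.compare_digest(_ticket(master, e, param), ticket):
            used.add(ticket)
            return "ok"
    return "mismatch"

if __name__ == "__main__":
    MASTER = b"constructed-demo-secret"      # constructed sample value
    t = make_ticket(MASTER, "alice", "192.0.2.10", 2000, now=1000)
    seen = set()
    print(verify_ticket(MASTER, t, "alice", "192.0.2.10", 2000, 1010, "192.0.2.10", seen))
    print(verify_ticket(MASTER, t, "mallory", "192.0.2.10", 2000, 1010, "192.0.2.10", set()))
```

A falsified client parameter yields "mismatch" because the second server's recomputed ticket no longer coincides with the first, and a ticket older than two intervals fails for the same reason once the common string has changed.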

Sampson and Sasmazel do not disclose how to deal with 
unauthorized access by a third person, as provided by the claimed 
invention.

Therefore, even a combination of the teachings of Sampson and 
Sasmazel fails to teach or render obvious all features of the 
claimed invention. 

Accordingly, Applicant respectfully requests that the Examiner 
reconsider and withdraw the rejection under 35 U.S.C. §103(a).

In view of the claim amendments and remarks hereinabove,
Applicant maintains that the application is now in condition for 
allowance. 

If a telephone interview would be of assistance in advancing 
prosecution of the subject application, Applicant's undersigned
attorneys invite the Examiner to telephone them at the telephone 
number provided below. 

If a petition for an extension of time is required to make this 
response timely, this paper should be considered to be such a 
petition, and the Commissioner is authorized to charge the 
requisite fees to our Deposit Account No. 03-3125.

No fee is deemed necessary in connection with the filing of this 
Amendment. However, if any additional fee is required, 
authorization is hereby given to charge the amount of any such 
fee to Deposit Account No. 03-3125. 



Respectfully submitted,



I hereby certify that this correspondence is 
being deposited this date with the U.S. 
Postal Service with sufficient postage as 
first class mail in an envelope addressed 
to: Commissioner for Patents, P.O. Box 
1450, Alexandria, VA 22313-1450. 